Small and Medium-Sized Business (SME)
No matter your size. You also need information security.
According to Verizon Data Breach Investigations Report, 60% of all successful attacks were aimed at SMEs because—as a group—SMEs lack the expertise, resources, or processes required to monitor and manage security products in IT environments.
A data breach can cost hundreds of thousands of dollars—which can be a catastrophe for SMEs. According to the National Cyber Security Alliance, one in five small businesses falls victim to cybercrime each year. And over half of them go out of business within six months of an attack. Running with gaps in security is a risky business.
Why Would Cyber Criminals Attack My SME?
- Lack of expertise: SME's become the low-hanging fruit for cyber criminals because of the lack of expertise. Attackers can more easily compromise applications and servers, and may not be discovered in months or years as almost 75% of data breaches investigated are focused on companies with less than 100 employees. Yet surprisingly, more than 2/3 of business owners surveyed believe that their data and devices are safe and secure;
- No security personnel: it's common to see security job offers in large and global companies, but not on SMEs. Attackers know that. They can see through your applications and servers that they haven't incorporated security since their conceptions;
- Some cyber criminals just want numbers: it's true that some cyber criminals are focused on certain targets and look for either take them down or make money, but there is another group of attackers that want to compromise the maximum amount of applications and servers they could. The purpose, for example, is to build or increase the size of a botnet. Botnet is a network of compromised applications or servers that act as a one and receive and execute commands from a Command and Control (CNC) server controlled by the attacker. They're usually used to perform large escale Distributed Deny of Service (DDoS) attacks and mine bitcoin.
Is it hard to believe? Just analyze your website logs. You'll find many random requests that didn't come from users. Usually looking for /admin or specific files in order to identify if you're running a vulnerable application. Even if your site isn't on Google. It happens because attackers perform requests in the whole IPv4 address space, thus sending requests to ALL internet-facing servers in the world. They don't really care about who you are, they want your applications and servers compromised for nefarious purposes..
How Gauntlet Can Help Your Business
Combining our cloud-based application security platform with our security services, we can: